Back to directory

WRITEUP #5645

How I could have stolen your photos from Google

IDORParameter tamperingBroken authorization

by@GergoTurcsanyi(Gergő Turcsányi)

Bounty

4,133.7

Program

Google

Published

Dec 11, 2018

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://avatao.com/blog-how-i-could-have-stolen-your-photos-from-google-my-first-3-bug-bounty-writeups/

▸ RELATED WRITEUPS

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

RCEForced browsing

Zomatoooo! IDOR in Saved Payments

[$500] How I was able to give verification badge to any YouTube channel and bypass needed requirements

OtherParameter tampering

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

ReconMissing authentication

How I got my first $13500 bounty through Parameter Polluting (HPP)

Built with ❤️ by Shubham Rawat